How Will GDPR Impact Your Organization’s Online Reputation?
May 25, 2018 is the enforcement date of the General Data Protection Regulation (GDPR). Not many organizations, however, are aware of this date, of what the GDPR is all about, or of its effects on online reputation.
The HubSpot GDPR Survey conducted in the third quarter of 2017 showed that only 36% of business leaders and marketers surveyed had heard of GDPR. Put differently, less than half of the business leaders and marketers surveyed by HubSpot are aware that GDPR exists.
As expected, when they were asked about their preparation for the implementation of GDPR, the answers weren’t encouraging either: 42% said they're only "somewhat prepared" for the GDPR, while 23% said they aren't sure if their company has started to prepare for the GDPR.
Being compliant with GDPR is more than following the law. Being compliant with GDPR is a brand awareness issue. It sends a positive message to your customers that your organization values their privacy and security.
The recent exposure of high-profile data breaches, namely those of Equifax and Uber, showed the world the ill effects of weak cyber security measures, mishandling of sensitive data and late reporting of data breaches.
What is GDPR?
GDPR is a European Union (EU) law that sets forth harsh penalties for organizations that fail to protect the personal data of EU residents. The law replaces the EU’s former data protection legislation, the Data Protection Directive 95/46/EC.
The law aims to harmonize data privacy laws across Europe. Unlike its predecessor, the Data Protection Directive, the GDPR isn’t open to interpretation by national governments. It’ll surely send shockwaves, not only in Europe but in other countries as well.
If your organization or business isn’t based in the EU, it’s normal that you’d instinctively dismiss this law as geographically inapplicable. GDPR, however, shouldn’t be dismissed as solely an EU law, because it has “extra-territorial” applicability. This means that your organization or business, even though based outside the EU, will still be covered by this law if it processes personal data, that is, if it offers goods or services online to EU residents or monitors their online behavior.
Key Provisions of GDPR
Here are the top 5 key provisions of the GDPR:
1. Consent Requirement
Under GDPR, EU customers have the right to choose whether they want an organization or business to store their personal data. They also have the right to choose whether they want to be contacted or not. In the case of a minor, parental consent is required.
2. Right to be Forgotten
Under GDPR, EU customers have the right to be forgotten, also known as the right to erasure. This requires organizations to delete customer data that no longer serves its original purpose, or when customers decide that their data should no longer be processed or stored.
3. Right to Access
Under GDPR, EU customers have the right to obtain information from organizations on whether their personal data are being processed, where and for what purpose. Organizations are required to supply this information by providing a copy of the personal data, free of charge and in an electronic format.
4. Cyber Security
Under GDPR, organizations are required to implement cyber security measures that ensure the safety and privacy of personal data that are being processed or stored. The cyber security measures referred to under this law are those that prevent data breaches, not reactionary measures.
5. Data Breach Notification
Under GDPR, organizations are required to report where a data breach is likely to “result in a risk for the rights and freedoms of individuals”. This breach notification must be done within 72 hours after the discovery of the data breach.
For violating the substantial provisions of the law like consent, the maximum fine that can be imposed is 4% of the annual global turnover or €20 million, whichever is higher. For violating procedural provisions of the law like data breach notification, a penalty of 2% of the annual global turnover or €10 million, whichever is higher, can be imposed.
Based on the HubSpot survey, the following marketing activities are expected to be impacted by the GDPR implementation: how customer data are collected, security and privacy protocols, email opt-ins, the length of time customers' personal data are retained in the system, cold calling (sales outreach), how to renegotiate contracts with marketing software vendors if they aren't compliant, and lead enrichment.
If given the right to choose, EU consumers surveyed by HubSpot said they would:
While less than half of the business leaders and marketers surveyed by HubSpot are unaware of and unprepared for GDPR, about half of those represented by those surveyed have undergone or are undergoing the following activities in preparation for the GDPR implementation:
With the implementation of GDPR next year, business leaders and marketers surveyed by HubSpot said they will focus on the following:
Learn how to get GDPR compliant and protect your business investments using The Driz Group compliance services. They have helped many organizations to make sense of the new legislation.
ReputationMart.com - passionate digital marketing team.